[SystemSafety] New paper on MISRA C

Peter Bishop pgb at adelard.com
Wed Sep 12 14:59:29 CEST 2018


I agree you can point to cases where components are individually
reliable but the *system* is unsafe due to incomplete requirements.

But that is not the whole story: an unreliable component that fails to
implement correct requirements can also make a system unsafe.

There can be safeguards in the system architecture that reduce the risk
of failing components. Nevertheless, unreliable components can affect
system safety.

Peter Bishop
Adelard

On 12/09/2018 13:17, Derek M Jones wrote:
> Paul,
> 
>>>> As I understand it MIT and others have successfully debunked the
>>>> notion that system safety is correlated with component reliability.
>>>
>>> Can you point me at the references for this assertion?
>>
>> The first section of Nancy Leveson's Engineering a Safer World ([1] is
>> draft, but the final published work is not materially different) 
> 
> Grrr, the pdf does not support cut-and-paste.  Otherwise a book
> well worth reading.
> 
> Modulo transcription mistakes (section 2.1):
> "Safety and reliability are different properties.  One does not imply
> or require the other:  A system can be reliable and unsafe.  It can also
> be safe but unreliable."
> 
> I read this (and subsequent material) as saying that the correlation
> is not 100% (and some people think it is).
> 
> I would certainly agree that it is not 100%.  But is it 50%, 25%?
> I don't think it is 0%.
> 
> Does anybody have suggested numbers for the correlation?
> 
> 
